Configure certificate-based console authentication
You can set up certificate-based authentication in an on-premises envorinment so that administrators and users can log in using an authentication certificate.
BlackBerry UEM
verifies certificates against the issuer, verifies that the certificate is valid using the certificate OCSP or CRL settings, and verifies that the certificate matches a user in the BlackBerry UEM
database.This feature is not supported by
BlackBerry UEM Cloud
. Obtain copies of the CA certificates that issue your administrators' and users' client certificates in .cer or .der format.
- On the menu bar, clickSettings>General settings>Certificate-based console authentication.
- SelectEnable certificate-based authentication.
- ClickBrowseand navigate to the location where you saved the CA certificate files. Select a file and clickOpento upload the certificate toBlackBerry UEM.BlackBerry UEMtrusts all certificates issued by that CA. Repeat this step to upload additional certificates.
- SelectCheck for user principal name for SANto requireBlackBerry UEMto verify that the user principal name in the certificate matches a user in theBlackBerry UEMdatabase.If the user principal name in the certificate matches a known user,BlackBerry UEMgrants access according to the user's permissions.
- SelectCheck for email addressto requireBlackBerry UEMto verify that the user email address in the certificate matches a user email address in theBlackBerry UEMdatabase.If the user email address in the certificate matches a known user,BlackBerry UEMgrants access according to the user's permissions. If you select bothCheck for user principal name for SANandCheck for email address,BlackBerry UEMchecks the principal name before the email address and grants access if the principal name matches. If neither check finds a match between the certificate and a known user,BlackBerry UEMdenies access.
- ClickSave.
If users access
BlackBerry UEM
using Mozilla Firefox
, the user must add their client certificate to the Firefox
certificate store to authenticate with BlackBerry UEM
using certificate-based authentication.